Senator to Ex-CEO: Equifax Can't Be Trusted with Americans' Personal Data

210 points by gopalakrishnans over 7 years ago

12 comments

Top19 over 7 years ago

This is the choice quote:

> "This simply is not a company that deserves to be trusted with Americans' personal data," said Sen. Sherrod Brown, D-Ohio,

Obviously this quote leaves out a lot of nuance, but I like it and I like what Senator Brown has said in general. What Equifax has let happen is very bad, and I think moral judgments and perhaps even shame (which is how a society can enforce morality) should be brought onto its leaders individually.

I hate how businesses and business persons have been making horrible, destructive decisions for decades (not that humans in all fields weren’t beforehand) and have been escaping any kind of shame. Indeed they’ve been praised in many cases.

If you look at the top-level pages on Wikipedia (there are about 11 of them), one of them is for “Society”. About a third way down you’ll see “Business” listed under Society. I think this is a good reminder that business is a part of and functions for society, not the other way around.

https://en.wikipedia.org/wiki/Portal:Contents/Society_and_social_sciences

maxxxxx over 7 years ago

I think they have to be careful not to focus on Equifax only. Instead they should think about systems where such a breach is just not possible. It's only a matter of time until other companies like credit card companies get breached. Same for Google and Facebook. We need a system where an individual can hand over information on a case-by-case basis and revoke that information anytime.

olivermarks over 7 years ago

Meanwhile, 'The IRS will pay Equifax $7.25 million to verify taxpayer identities and help prevent fraud under a no-bid contract issued last week, even as lawmakers lash the embattled company about a massive security breach that exposed personal information of as many as 145.5 million Americans.'

http://www.politico.com/story/2017/10/03/equifax-irs-fraud-protection-contract-243419

partycoder over 7 years ago

Meanwhile:

- Former Equifax CEO is walking away with 90 million dollars.
- Equifax's stock price (NYSE:EFX) is recovering.
- Equifax is being awarded contracts and continues to serve as a credit bureau.
- The leaked information is being traded among fraudsters, and will remain to be traded for years.

Welcome to the golden age of bullshit.

hpcjoe over 7 years ago

While it is always "fun" (for some definition of the word fun) to pile on, and sometimes watch the otherwise clueless elected officials to get soundbites at the expense of a hapless CEO of a company that did bad things, or allowed bad things to happen on their watch ... the bigger picture is one of what sequence of events enabled this to occur. Placing the blame on an OSS component, or a "sole IT" person is both unfortunate, and generally wrong.

None of this would have come to fruition had the business model not been one of "let's gather and curate high value information and intelligence about individuals", without an appropriate "gee, we have high value intelligence and information on individuals, maybe we should design our systems so that in the event of a failure of a security system, damage would be minimal." When you aggregate, curate, sell access to high value information, you damned well better have a good and fail safe security model. So if your DCs are overrun with hackers, the data exfiltrated would be unusable.

More specifically, the principle I claim to be implicitly at play here is, with great power and/or information, comes great responsibility. Pointing fingers at lower level subordinates for their possible failings ... opening up and exposing the entire business model's core weaknesses in terms of data protection, and data access integrity and control ... means that the organization has simply failed to maintain, audit, test, and verify that its control systems are adequate to the task. Blaming an OSS component for all the damage means that the rest of the systems were not designed and built to the necessary level of safety and security.

This is part of what I find unconscionable. They attempt to absolve themselves of blame by pointing fingers.

When an organization does crap like this, you know they have many other problems. And yes, you cannot, and should not trust them going forward. If data was exfiltrated from them (and it was), is it possible that their data was altered in situ? Yes, yes it is.

They should not be allowed to have such data in their control again. Seriously, if you can't control access to the data, you can't have the data.

sethgecko over 7 years ago

I was thinking, would it be a viable solution for the government to employ pen testers to test companies like banks/ISPs etc? It would more than pay for itself from the fines they would impose on those that hold sensitive citizen data and fail to hold high standards of security.

allengeorge over 7 years ago

Call me cynical, but it's not going to change anything:

* Equifax won't have fines levied against it
* C-level staff won't have to pay fines (because they put in place or rewarded a corporate culture that made security a low priority)
* Banks and other institutional customers won't stop using Equifax
* No additional regulation will be created

It's all theatre; we'll have "thoughts and prayers" directed our way while nothing of substance changes.

featherverse over 7 years ago

Duh, Senator. We knew this when Experian got hacked.

Experian, Equifax, TransUnion, and any other credit bureaus are going to fail to protect people's personal data. There is no such thing as "unhackable", they are the biggest honey pots, and the majority of the Information Technology hiring pool is incompetent. The majority of competent candidates are underpaid or underappreciated and so they don't care as much as we need them to.

Put all these things together and you have inevitable disaster after disaster after disaster.

Credit Bureaus are old-think. They are unsafe, unsecure, and they don't fit with Future-Era lifestyle.

Something better is required.

LyalinDotCom over 7 years ago

Is that before or after the same senators awarded Equifax a $7.5M no-bid IRS contract? <grin>

mrskitch over 7 years ago

This whole credit tracking industry is so unconstitutional it's crazy. I hope that this awakens people to the fact that their identities and personal data _should_ be theirs, and that they should fight tooth and nail to grant access to it. Centralizing information such as this is a "single-point-of-failure", or it is in spirit.

I wish I had suggestions, but feel that something like a blockchain or other ledger is a step in the right direction. This TED talk on the subject is interesting: https://www.ted.com/talks/don_tapscott_how_the_blockchain_is_changing_money_and_business

LoSboccacc over 7 years ago

Total dodge of the SSN as authentication issue

jasonkostempski over 7 years ago

No one can.